chore(deps): update dependency axios to v1.15.0 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
axios (source)	devDependencies	minor	1.13.2 → 1.15.0

---

Release Notes

axios/axios (axios)

v1.15.0

Compare Source

Bug Fixes

• headers: fixed & optimized clear method; (#​5507) (9915635)
• http: add zlib headers if missing (#​5497) (65e8d1e)

Features

• fomdata: added support for spec-compliant FormData & Blob types; (#​5316) (6ac574e)

Contributors to this release

• Dmitriy Mozgovoy
• ItsNotGoodName

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.2.6 (2023-01-28)

Bug Fixes

• headers: added missed Authorization accessor; (#​5502) (342c0ba)
• types: fixed CommonRequestHeadersList & CommonResponseHeadersList types to be private in commonJS; (#​5503) (5a3d0a3)

Contributors to this release

• Dmitriy Mozgovoy

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.2.5 (2023-01-26)

Bug Fixes

• types: fixed AxiosHeaders to handle spread syntax by making all methods non-enumerable; (#​5499) (580f1e8)

Contributors to this release

• Dmitriy Mozgovoy
• Elliot Ford

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.2.4 (2023-01-22)

Bug Fixes

• types: renamed RawAxiosRequestConfig back to AxiosRequestConfig; (#​5486) (2a71f49)
• types: fix AxiosRequestConfig generic; (#​5478) (9bce81b)

Contributors to this release

• Dmitriy Mozgovoy
• Daniel Hillmann

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

1.2.3 (2023-01-10)

Bug Fixes

• types: fixed AxiosRequestConfig header interface by refactoring it to RawAxiosRequestConfig; (#​5420) (0811963)

Contributors to this release

• Dmitriy Mozgovoy

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.2.2] - 2022-12-29

Fixed

• fix(ci): fix release script inputs #​5392
• fix(ci): prerelease scipts #​5377
• fix(ci): release scripts #​5376
• fix(ci): typescript tests #​5375
• fix: Brotli decompression #​5353
• fix: add missing HttpStatusCode #​5345

Chores

• chore(ci): set conventional-changelog header config #​5406
• chore(ci): fix automatic contributors resolving #​5403
• chore(ci): improved logging for the contributors list generator #​5398
• chore(ci): fix release action #​5397
• chore(ci): fix version bump script by adding bump argument for target version #​5393
• chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 #​5342
• chore(ci): GitHub Actions Release script #​5384
• chore(ci): release scripts #​5364

Contributors to this release

• Dmitriy Mozgovoy
• Winnie

[1.2.1] - 2022-12-05

Changed

• feat(exports): export mergeConfig #​5151

Fixed

• fix(CancelledError): include config #​4922
• fix(general): removing multiple/trailing/leading whitespace #​5022
• fix(headers): decompression for responses without Content-Length header #​5306
• fix(webWorker): exception to sending form data in web worker #​5139

Refactors

• refactor(types): AxiosProgressEvent.event type to any #​5308
• refactor(types): add missing types for static AxiosError.from method #​4956

Chores

• chore(docs): remove README link to non-existent upgrade guide #​5307
• chore(docs): typo in issue template name #​5159

Contributors to this release

• Dmitriy Mozgovoy
• Zachary Lysobey
• Kevin Ennis
• Philipp Loose
• secondl1ght
• wenzheng
• Ivan Barsukov
• Arthur Fiorette

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.2.0] - 2022-11-10

Changed

• changed: refactored module exports #​5162
• change: re-added support for loading Axios with require('axios').default #​5225

Fixed

• fix: improve AxiosHeaders class #​5224
• fix: TypeScript type definitions for commonjs #​5196
• fix: type definition of use method on AxiosInterceptorManager to match the the README #​5071
• fix: __dirname is not defined in the sandbox #​5269
• fix: AxiosError.toJSON method to avoid circular references #​5247
• fix: Z_BUF_ERROR when content-encoding is set but the response body is empty #​5250

Refactors

• refactor: allowing adapters to be loaded by name #​5277

Chores

• chore: force CI restart #​5243
• chore: update ECOSYSTEM.md #​5077
• chore: update get/index.html #​5116
• chore: update Sandbox UI/UX #​5205
• chore:(actions): remove git credentials after checkout #​5235
• chore(actions): bump actions/dependency-review-action from 2 to 3 #​5266
• chore(packages): bump loader-utils from 1.4.1 to 1.4.2 #​5295
• chore(packages): bump engine.io from 6.2.0 to 6.2.1 #​5294
• chore(packages): bump socket.io-parser from 4.0.4 to 4.0.5 #​5241
• chore(packages): bump loader-utils from 1.4.0 to 1.4.1 #​5245
• chore(docs): update Resources links in README #​5119
• chore(docs): update the link for JSON url #​5265
• chore(docs): fix broken links #​5218
• chore(docs): update and rename UPGRADE_GUIDE.md to MIGRATION_GUIDE.md #​5170
• chore(docs): typo fix line #​856 and #​920 #​5194
• chore(docs): typo fix #​800 #​5193
• chore(docs): fix typos #​5184
• chore(docs): fix punctuation in README.md #​5197
• chore(docs): update readme in the Handling Errors section - issue reference #​5260 #​5261
• chore: remove \b from filename #​5207
• chore(docs): update CHANGELOG.md #​5137
• chore: add sideEffects false to package.json #​5025

Contributors to this release

• Maddy Miller
• Amit Saini
• ecyrbe
• Ikko Ashimine
• Geeth Gunnampalli
• Shreem Asati
• Frieder Bluemle
• 윤세영
• Claudio Busatto
• Remco Haszing
• Dmitriy Mozgovoy
• Csaba Maulis
• MoPaMo
• Daniel Fjeldstad
• Adrien Brunet
• Frazer Smith
• HaiTao
• AZM
• relbns

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.1.3] - 2022-10-15

Added

• Added custom params serializer support #​5113

Fixed

• Fixed top-level export to keep them in-line with static properties #​5109
• Stopped including null values to query string. #​5108
• Restored proxy config backwards compatibility with 0.x #​5097
• Added back AxiosHeaders in AxiosHeaderValue #​5103
• Pin CDN install instructions to a specific version #​5060
• Handling of array values fixed for AxiosHeaders #​5085

Chores

• docs: match badge style, add link to them #​5046
• chore: fixing comments typo #​5054
• chore: update issue template #​5061
• chore: added progress capturing section to the docs; #​5084

Contributors to this release

• Jason Saayman
• scarf
• Lenz Weber-Tronic
• Arvindh
• Félix Legrelle
• Patrick Petrovic
• Dmitriy Mozgovoy
• littledian
• ChronosMasterOfAllTime

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.1.2] - 2022-10-07

Fixed

• Fixed broken exports for UMD builds.

Contributors to this release

• Jason Saayman

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.1.1] - 2022-10-07

Fixed

• Fixed broken exports for common js. This fix breaks a prior fix, I will fix both issues ASAP but the commonJS use is more impactful.

Contributors to this release

• Jason Saayman

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.1.0] - 2022-10-06

Fixed

• Fixed missing exports in type definition index.d.ts #​5003
• Fixed query params composing #​5018
• Fixed GenericAbortSignal interface by making it more generic #​5021
• Fixed adding "clear" to AxiosInterceptorManager #​5010
• Fixed commonjs & umd exports #​5030
• Fixed inability to access response headers when using axios 1.x with Jest #​5036

Contributors to this release

• Trim21
• Dmitriy Mozgovoy
• shingo.sasaki
• Ivan Pepelko
• Richard Kořínek

PRs

• CVE 2023 45857 ( #​6028 )

⚠️ Critical vulnerability fix. See https://security.snyk.io/vuln/SNYK-JS-AXIOS-6032459

[1.0.0] - 2022-10-04

Added

• Added stack trace to AxiosError #​4624
• Add AxiosError to AxiosStatic #​4654
• Replaced Rollup as our build runner #​4596
• Added generic TS types for the exposed toFormData helper #​4668
• Added listen callback function #​4096
• Added instructions for installing using PNPM #​4207
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill #​4229
• Added axios-url-template in ECOSYSTEM.md #​4238
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an axios instance #​4248
• Added react hook plugin #​4319
• Adding HTTP status code for transformResponse #​4580
• Added blob to the list of protocols supported by the browser #​4678
• Resolving proxy from env on redirect #​4436
• Added enhanced toFormData implementation with additional options 4704
• Adding Canceler parameters config and request #​4711
• Added automatic payload serialization to application/x-www-form-urlencoded #​4714
• Added the ability for webpack users to overwrite built-ins #​4715
• Added string[] to AxiosRequestHeaders type #​4322
• Added the ability for the url-encoded-form serializer to respect the formSerializer config #​4721
• Added isCancel type assert #​4293
• Added data URL support for node.js #​4725
• Adding types for progress event callbacks #​4675
• URL params serializer #​4734
• Added axios.formToJSON method #​4735
• Bower platform add data protocol #​4804
• Use WHATWG URL API instead of url.parse() #​4852
• Add ENUM containing Http Status Codes to typings #​4903
• Improve typing of timeout in index.d.ts #​4934

Changed

• Updated AxiosError.config to be optional in the type definition #​4665
• Updated README emphasizing the URLSearchParam built-in interface over other solutions #​4590
• Include request and config when creating a CanceledError instance #​4659
• Changed func-names eslint rule to as-needed #​4492
• Replacing deprecated substr() with slice() as substr() is deprecated #​4468
• Updating HTTP links in README.md to use HTTPS #​4387
• Updated to a better trim() polyfill #​4072
• Updated types to allow specifying partial default headers on instance create #​4185
• Expanded isAxiosError types #​4344
• Updated type definition for axios instance methods #​4224
• Updated eslint config #​4722
• Updated Docs #​4742
• Refactored Axios to use ES2017 #​4787

Deprecated

• There are multiple deprecations, refactors and fixes provided in this release. Please read through the full release notes to see how this may impact your project and use case.

Removed

• Removed incorrect argument for NetworkError constructor #​4656
• Removed Webpack #​4596
• Removed function that transform arguments to array #​4544

Fixed

• Fixed grammar in README #​4649
• Fixed code error in README #​4599
• Optimized the code that checks cancellation #​4587
• Fix url pointing to defaults.js in README #​4532
• Use type alias instead of interface for AxiosPromise #​4505
• Fix some word spelling and lint style in code comments #​4500
• Edited readme with 3 updated browser icons of Chrome, FireFox and Safari #​4414
• Bump follow-redirects from 1.14.9 to 1.15.0 #​4673
• Fixing http tests to avoid hanging when assertions fail #​4435
• Fix TS definition for AxiosRequestTransformer #​4201
• Fix grammatical issues in README #​4232
• Fixing instance.defaults.headers type #​4557
• Fixed race condition on immediate requests cancellation #​4261
• Fixing Z_BUF_ERROR when no content #​4701
• Fixing proxy beforeRedirect regression #​4708
• Fixed AxiosError status code type #​4717
• Fixed AxiosError stack capturing #​4718
• Fixing AxiosRequestHeaders typings #​4334
• Fixed max body length defaults #​4731
• Fixed toFormData Blob issue on node>v17 #​4728
• Bump grunt from 1.5.2 to 1.5.3 #​4743
• Fixing content-type header repeated #​4745
• Fixed timeout error message for http 4738
• Request ignores false, 0 and empty string as body values #​4785
• Added back missing minified builds #​4805
• Fixed a type error #​4815
• Fixed a regression bug with unsubscribing from cancel token; #​4819
• Remove repeated compression algorithm #​4820
• The error of calling extend to pass parameters #​4857
• SerializerOptions.indexes allows boolean | null | undefined #​4862
• Require interceptors to return values #​4874
• Removed unused imports #​4949
• Allow null indexes on formSerializer and paramsSerializer #​4960

Chores

• Set permissions for GitHub actions #​4765
• Included githubactions in the dependabot config #​4770
• Included dependency review #​4771
• Update security.md #​4784
• Remove unnecessary spaces #​4854
• Simplify the import path of AxiosError #​4875
• Fix Gitpod dead link #​4941
• Enable syntax highlighting for a code block #​4970
• Using Logo Axios in Readme.md #​4993
• Fix markup for note in README #​4825
• Fix typo and formatting, add colons #​4853
• Fix typo in readme #​4942

Security

• Update SECURITY.md #​4687

Contributors to this release

• Bertrand Marron

• Dmitriy Mozgovoy

• Dan Mooney

• Michael Li

• aong

• Des Preston

• Ted Robertson

• zhoulixiang

• Arthur Fiorette

• Kumar Shanu

• JALAL

• Jingyi Lin

• Philipp Loose

• Alexander Shchukin

• Dave Cardwell

• Cat Scarlet

• Luca Pizzini

• Kai

• Maxime Bargiel

• Brian Helba

• reslear

• Jamie Slome

• Landro3

• rafw87

• Afzal Sayed

• Koki Oyatsu

• Dave

• 暴走老七

• Spencer

• Adrian Wieprzkowicz

• Jamie Telin

• 毛呆

• Kirill Shakirov

• Rraji Abdelbari

• Jelle Schutter

• Tom Ceuppens

• Johann Cooper

• Dimitris Halatsis

• chenjigeng

• João Gabriel Quaresma

• Victor Augusto

• neilnaveen

• Pavlos

• Kiryl Valkovich

• Naveen

• wenzheng

• hcwhan

• Bassel Rachid

• Grégoire Pineau

• felipedamin

• Karl Horky

• Yue JIN

• Usman Ali Siddiqui

• WD

• Günther Foidl

• Stephen Jennings

• C.T.Lin

• mia-z

• Parth Banathia

• parth0105pluang

• Marco Weber

• Luca Pizzini

• Willian Agostini

• Huyen Nguyen

v1.14.0

Compare Source

v1.13.6

Compare Source

This release focuses on platform compatibility, error handling improvements, and code quality maintenance.

⚠️ Important Changes

• Breaking Changes: None identified in this release.
• Action Required: Users targeting React Native should verify their integration, particularly if relying on specific Blob or FormData behaviours, as improvements have been made to support these objects.

🚀 New Features

• React Native Blob Support: Axios now includes support for React Native Blob objects. Thanks to @​moh3n9595 for the initial implementation. (#​5764)
• Code Quality: Implemented prettier across the codebase and resolved associated formatting issues. (#​7385)

🐛 Bug Fixes

• Environment Compatibility:

  • Fixed module exports for React Native and Browserify environments. (#​7386)
  • Added safe FormData detection for the WeChat Mini Program environment. (#​7324)

• Error Handling:

  • AxiosError.message is now correctly enumerable. (#​7392)
  • AxiosError.from now correctly copies the status property from the source error, ensuring better error propagation. (#​7403)

🔧 Maintenance & Chores

• Dependencies: Updated the development_dependencies group (5 updates). (#​7432)
• Infrastructure: Migrated @​rollup/plugin-babel from v5.3.1 to v6.1.0. (#​7424)
• Documentation: Added missing JSDoc comments to utilities. (#​7427)

🌟 New Contributors

We are thrilled to welcome our new contributors! Thank you for helping improve the project:

• @​Gudahtt (#​7386)
• @​ybbus (#​7392)
• @​Shiwaangee (#​7324)
• @​skrtheboss (#​7403)
• @​Janaka66 (#​7427)
• @​moh3n9595 (#​5764)
• @​digital-wizard48 (#​7424)

Full Changelog: v1.13.5...v1.13.6

v1.13.5

Compare Source

Release 1.13.5

Highlights

• Security: Fixed a potential Denial of Service issue involving the __proto__ key in mergeConfig. (PR #​7369)
• Bug fix: Resolved an issue where AxiosError could be missing the status field on and after v1.13.3. (PR #​7368)

Changes

Security

• Fix Denial of Service via __proto__ key in mergeConfig. (PR #​7369)

Fixes

• Fix/5657. (PR #​7313)
• Ensure status is present in AxiosError on and after v1.13.3. (PR #​7368)

Features / Improvements

• Add input validation to isAbsoluteURL. (PR #​7326)
• Refactor: bump minor package versions. (PR #​7356)

Documentation

• Clarify object-check comment. (PR #​7323)
• Fix deprecated Buffer constructor usage and README formatting. (PR #​7371)

CI / Maintenance

• Chore: fix issues with YAML. (PR #​7355)
• CI: update workflow YAMLs. (PR #​7372)
• CI: fix run condition. (PR #​7373)
• Dev deps: bump karma-sourcemap-loader from 0.3.8 to 0.4.0. (PR #​7360)
• Chore(release): prepare release 1.13.5. (PR #​7379)

New Contributors

• @​sachin11063 (first contribution — PR #​7323)
• @​asmitha-16 (first contribution — PR #​7326)

Full Changelog: axios/axios@v1.13.4...v1.13.5

v1.13.4

Compare Source

Overview

The release addresses issues discovered in v1.13.3 and includes significant CI/CD improvements.

Full Changelog: v1.13.3...v1.13.4

What's New in v1.13.4

Bug Fixes

• fix: issues with version 1.13.3 (#​7352) (ee90dfc)
  • Fixed issues discovered in v1.13.3 release
  • Cleaned up interceptor test files
  • Improved workflow configurations

Infrastructure & CI/CD

• refactor: ci and build (#​7340) (8ff6c19)

  • Major refactoring of CI/CD workflows
  • Consolidated workflow files for better maintainability
  • Added mise configuration for the development environment
  • Improved sponsor block update automation
  • Enhanced issue and PR templates
  • Added automatic release notes generation
  • Implemented workflow cancellation for concurrent runs

• chore: codegen and some updates to workflows (76cf77b)

  • Code generation improvements
  • Workflow optimisations

Migration Notes

Breaking Changes

None in this release.

Deprecations

None in this release.

Contributors

Thank you to all contributors who made this release possible! Special thanks to:

• jasonsaayman - Release management and CI/CD improvements

v1.13.3

Compare Source

Bug Fixes

• http2: Use port 443 for HTTPS connections by default. (#​7256) (d7e6065)
• interceptor: handle the error in the same interceptor (#​6269) (5945e40)
• main field in package.json should correspond to cjs artifacts (#​5756) (7373fbf)
• package.json: add 'bun' package.json 'exports' condition. Load the Node.js build in Bun instead of the browser build (#​5754) (b89217e)
• silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7257) (7d19335)
• turn AxiosError into a native error (#​5394) (#​5558) (1c6a86d)
• types: add handlers to AxiosInterceptorManager interface (#​5551) (8d1271b)
• types: restore AxiosError.cause type from unknown to Error (#​7327) (d8233d9)
• unclear error message is thrown when specifying an empty proxy authorization (#​6314) (6ef867e)

Features

• add undefined as a value in AxiosRequestConfig (#​5560) (095033c)
• add automatic minor and patch upgrades to dependabot (#​6053) (65a7584)
• add Node.js coverage script using c8 (closes #​7289) (#​7294) (ec9d94e)
• added copilot instructions (3f83143)
• compatibility with frozen prototypes (#​6265) (860e033)
• enhance pipeFileToResponse with error handling (#​7169) (88d7884)
• types: Intellisense for string literals in a widened union (#​6134) (f73474d), closes /github.com/microsoft/TypeScript/issues/33471#issuecomment-1376364329

Reverts

• Revert "fix: silentJSONParsing=false should throw on invalid JSON (#​7253) (#​7…" (#​7298) (a4230f5), closes #​7253 #​7 #​7298
• deps: bump peter-evans/create-pull-request from 7 to 8 in the github-actions group (#​7334) (2d6ad5e)

Contributors to this release

• Ashvin Tiwari
• Nikunj Mochi
• Anchal Singh
• jasonsaayman
• Julian Dax
• Akash Dhar Dubey
• Madhumita
• Tackoil
• Justin Dhillon
• Rudransh
• WuMingDao
• codenomnom
• Nandan Acharya
• Eric Dubé
• Tibor Pilz
• Gabriel Quaresma
• Turadg Aleahmad
• JohnTitor
• rohit miryala
• Wilson Mun
• techcodie
• Ved Vadnere
• svihpinc
• SANDESH LENDVE
• Lubos
• Jarred Sumner
• Adam Hines
• Subhan Kumar Rai
• Joseph Frazier
• KT0803
• Albie
• Jake Hayes

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cubic-dev-ai]

No issues found across 1 file

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	solhint@​6.0.1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm rlp under MPL-2.0 License: MPL-2.0 - The applicable license policy does not permit this license (5) (npm metadata) License: MPL-2.0 - The applicable license policy does not permit this license (5) (package/package.json) License: MPL-2.0 - The applicable license policy does not permit this license (5) (package/LICENSE) From: ? → npm/@openzeppelin/hardhat-upgrades@3.9.1 → npm/@nomicfoundation/hardhat-toolbox@6.1.0 → npm/@nomicfoundation/hardhat-toolbox-viem@4.1.1 → npm/rlp@2.2.7 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rlp@2.2.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		High CVE: Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() in npm serialize-javascript CVE: GHSA-5c6j-r48x-rmvq Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() (HIGH) Affected versions: < 7.0.3 Patched version: 7.0.3 From: ? → npm/@nomicfoundation/hardhat-toolbox@6.1.0 → npm/@nomicfoundation/hardhat-toolbox-viem@4.1.1 → npm/hardhat@2.27.1 → npm/serialize-javascript@6.0.2 ℹ Read more on: This package | This alert | What is a CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known high severity CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/serialize-javascript@6.0.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Deprecated by its maintainer: npm rimraf Reason: Rimraf versions prior to v4 are no longer supported From: ? → npm/@graphprotocol/graph-cli@0.98.1 → npm/rimraf@2.7.1 ℹ Read more on: This package | This alert | What is a deprecated package? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Research the state of the package and determine if there are non-deprecated versions that can be used, or if it should be replaced with a new, supported solution. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/rimraf@2.7.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report